DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

DPP: Extend DPP_PKEX_ADD ver=<1/2> to cover Responder role

Browse source 
Allow PKEX v1-only or v2-only behavior to be specific for the Responder
role. This is mainly for testing purposes.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This commit is contained in:
Jouni Malinen 2022-03-07 21:37:40 +02:00 committed by Jouni Malinen
parent 6c3c431bbd
commit eeb72e7c9a
5 changed files with 74 additions and 54 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

59
src/ap/dpp_hostapd.c
View file

@ -346,14 +346,8 @@ static int hostapd_dpp_pkex_done(void *ctx, void *conn,
#endif /* CONFIG_DPP2 */ #endif /* CONFIG_DPP2 */
enum hostapd_dpp_pkex_ver {
PKEX_VER_AUTO,
PKEX_VER_ONLY_1,
PKEX_VER_ONLY_2,
};
static int hostapd_dpp_pkex_init(struct hostapd_data *hapd, static int hostapd_dpp_pkex_init(struct hostapd_data *hapd,
enum hostapd_dpp_pkex_ver ver, enum dpp_pkex_ver ver,
const struct hostapd_ip_addr *ipaddr, const struct hostapd_ip_addr *ipaddr,
int tcp_port) int tcp_port)
{ {
@ -1986,6 +1980,17 @@ hostapd_dpp_rx_pkex_exchange_req(struct hostapd_data *hapd, const u8 *src,
wpa_printf(MSG_DEBUG, "DPP: PKEX Exchange Request from " MACSTR, wpa_printf(MSG_DEBUG, "DPP: PKEX Exchange Request from " MACSTR,
MAC2STR(src)); MAC2STR(src));
if (hapd->dpp_pkex_ver == PKEX_VER_ONLY_1 && v2) {
wpa_printf(MSG_DEBUG,
"DPP: Ignore PKEXv2 Exchange Request when configured to be PKEX v1 only");
return;
}
if (hapd->dpp_pkex_ver == PKEX_VER_ONLY_2 && !v2) {
wpa_printf(MSG_DEBUG,
"DPP: Ignore PKEXv1 Exchange Request when configured to be PKEX v2 only");
return;
}
/* TODO: Support multiple PKEX codes by iterating over all the enabled /* TODO: Support multiple PKEX codes by iterating over all the enabled
* values here */ * values here */
@ -2409,6 +2414,11 @@ int hostapd_dpp_pkex_add(struct hostapd_data *hapd, const char *cmd)
{ {
struct dpp_bootstrap_info *own_bi; struct dpp_bootstrap_info *own_bi;
const char *pos, *end; const char *pos, *end;
#ifdef CONFIG_DPP3
enum dpp_pkex_ver ver = PKEX_VER_AUTO;
#else /* CONFIG_DPP3 */
enum dpp_pkex_ver ver = PKEX_VER_ONLY_1;
#endif /* CONFIG_DPP3 */
int tcp_port = DPP_TCP_PORT; int tcp_port = DPP_TCP_PORT;
struct hostapd_ip_addr *ipaddr = NULL; struct hostapd_ip_addr *ipaddr = NULL;
#ifdef CONFIG_DPP2 #ifdef CONFIG_DPP2
@ -2474,27 +2484,22 @@ int hostapd_dpp_pkex_add(struct hostapd_data *hapd, const char *cmd)
if (!hapd->dpp_pkex_code) if (!hapd->dpp_pkex_code)
return -1; return -1;
pos = os_strstr(cmd, " ver=");
if (pos) {
int v;
pos += 5;
v = atoi(pos);
if (v == 1)
ver = PKEX_VER_ONLY_1;
else if (v == 2)
ver = PKEX_VER_ONLY_2;
else
return -1;
}
hapd->dpp_pkex_ver = ver;
if (os_strstr(cmd, " init=1")) { if (os_strstr(cmd, " init=1")) {
#ifdef CONFIG_DPP3
enum hostapd_dpp_pkex_ver ver = PKEX_VER_AUTO;
#else /* CONFIG_DPP3 */
enum hostapd_dpp_pkex_ver ver = PKEX_VER_ONLY_1;
#endif /* CONFIG_DPP3 */
pos = os_strstr(cmd, " ver=");
if (pos) {
int v;
pos += 5;
v = atoi(pos);
if (v == 1)
ver = PKEX_VER_ONLY_1;
else if (v == 2)
ver = PKEX_VER_ONLY_2;
else
return -1;
}
if (hostapd_dpp_pkex_init(hapd, ver, ipaddr, tcp_port) < 0) if (hostapd_dpp_pkex_init(hapd, ver, ipaddr, tcp_port) < 0)
return -1; return -1;
} else { } else {

2
src/ap/hostapd.h
View file

@ -14,6 +14,7 @@
#endif /* CONFIG_SQLITE */ #endif /* CONFIG_SQLITE */
#include "common/defs.h" #include "common/defs.h"
#include "common/dpp.h"
#include "utils/list.h" #include "utils/list.h"
#include "ap_config.h" #include "ap_config.h"
#include "drivers/driver.h" #include "drivers/driver.h"
@ -388,6 +389,7 @@ struct hostapd_data {
struct dpp_bootstrap_info *dpp_pkex_bi; struct dpp_bootstrap_info *dpp_pkex_bi;
char *dpp_pkex_code; char *dpp_pkex_code;
char *dpp_pkex_identifier; char *dpp_pkex_identifier;
enum dpp_pkex_ver dpp_pkex_ver;
char *dpp_pkex_auth_cmd; char *dpp_pkex_auth_cmd;
char *dpp_configurator_params; char *dpp_configurator_params;
struct os_reltime dpp_last_init; struct os_reltime dpp_last_init;

6
src/common/dpp.h
View file

@ -172,6 +172,12 @@ struct dpp_bootstrap_info {
#define PKEX_COUNTER_T_LIMIT 5 #define PKEX_COUNTER_T_LIMIT 5
enum dpp_pkex_ver {
PKEX_VER_AUTO,
PKEX_VER_ONLY_1,
PKEX_VER_ONLY_2,
};
struct dpp_pkex { struct dpp_pkex {
void *msg_ctx; void *msg_ctx;
unsigned int initiator:1; unsigned int initiator:1;

59
wpa_supplicant/dpp_supplicant.c
View file

@ -2729,14 +2729,8 @@ static int wpas_dpp_pkex_done(void *ctx, void *conn,
#endif /* CONFIG_DPP2 */ #endif /* CONFIG_DPP2 */
enum wpas_dpp_pkex_ver {
PKEX_VER_AUTO,
PKEX_VER_ONLY_1,
PKEX_VER_ONLY_2,
};
static int wpas_dpp_pkex_init(struct wpa_supplicant *wpa_s, static int wpas_dpp_pkex_init(struct wpa_supplicant *wpa_s,
enum wpas_dpp_pkex_ver ver, enum dpp_pkex_ver ver,
const struct hostapd_ip_addr *ipaddr, const struct hostapd_ip_addr *ipaddr,
int tcp_port) int tcp_port)
{ {
@ -2889,6 +2883,17 @@ wpas_dpp_rx_pkex_exchange_req(struct wpa_supplicant *wpa_s, const u8 *src,
wpa_printf(MSG_DEBUG, "DPP: PKEX Exchange Request from " MACSTR, wpa_printf(MSG_DEBUG, "DPP: PKEX Exchange Request from " MACSTR,
MAC2STR(src)); MAC2STR(src));
if (wpa_s->dpp_pkex_ver == PKEX_VER_ONLY_1 && v2) {
wpa_printf(MSG_DEBUG,
"DPP: Ignore PKEXv2 Exchange Request when configured to be PKEX v1 only");
return;
}
if (wpa_s->dpp_pkex_ver == PKEX_VER_ONLY_2 && !v2) {
wpa_printf(MSG_DEBUG,
"DPP: Ignore PKEXv1 Exchange Request when configured to be PKEX v2 only");
return;
}
/* TODO: Support multiple PKEX codes by iterating over all the enabled /* TODO: Support multiple PKEX codes by iterating over all the enabled
* values here */ * values here */
@ -3595,6 +3600,11 @@ int wpas_dpp_pkex_add(struct wpa_supplicant *wpa_s, const char *cmd)
{ {
struct dpp_bootstrap_info *own_bi; struct dpp_bootstrap_info *own_bi;
const char *pos, *end; const char *pos, *end;
#ifdef CONFIG_DPP3
enum dpp_pkex_ver ver = PKEX_VER_AUTO;
#else /* CONFIG_DPP3 */
enum dpp_pkex_ver ver = PKEX_VER_ONLY_1;
#endif /* CONFIG_DPP3 */
int tcp_port = DPP_TCP_PORT; int tcp_port = DPP_TCP_PORT;
struct hostapd_ip_addr *ipaddr = NULL; struct hostapd_ip_addr *ipaddr = NULL;
#ifdef CONFIG_DPP2 #ifdef CONFIG_DPP2
@ -3660,27 +3670,22 @@ int wpas_dpp_pkex_add(struct wpa_supplicant *wpa_s, const char *cmd)
if (!wpa_s->dpp_pkex_code) if (!wpa_s->dpp_pkex_code)
return -1; return -1;
pos = os_strstr(cmd, " ver=");
if (pos) {
int v;
pos += 5;
v = atoi(pos);
if (v == 1)
ver = PKEX_VER_ONLY_1;
else if (v == 2)
ver = PKEX_VER_ONLY_2;
else
return -1;
}
wpa_s->dpp_pkex_ver = ver;
if (os_strstr(cmd, " init=1")) { if (os_strstr(cmd, " init=1")) {
#ifdef CONFIG_DPP3
enum wpas_dpp_pkex_ver ver = PKEX_VER_AUTO;
#else /* CONFIG_DPP3 */
enum wpas_dpp_pkex_ver ver = PKEX_VER_ONLY_1;
#endif /* CONFIG_DPP3 */
pos = os_strstr(cmd, " ver=");
if (pos) {
int v;
pos += 5;
v = atoi(pos);
if (v == 1)
ver = PKEX_VER_ONLY_1;
else if (v == 2)
ver = PKEX_VER_ONLY_2;
else
return -1;
}
if (wpas_dpp_pkex_init(wpa_s, ver, ipaddr, tcp_port) < 0) if (wpas_dpp_pkex_init(wpa_s, ver, ipaddr, tcp_port) < 0)
return -1; return -1;
} else { } else {

2
wpa_supplicant/wpa_supplicant_i.h
View file

@ -14,6 +14,7 @@
#include "common/defs.h" #include "common/defs.h"
#include "common/sae.h" #include "common/sae.h"
#include "common/wpa_ctrl.h" #include "common/wpa_ctrl.h"
#include "common/dpp.h"
#include "crypto/sha384.h" #include "crypto/sha384.h"
#include "eapol_supp/eapol_supp_sm.h" #include "eapol_supp/eapol_supp_sm.h"
#include "wps/wps_defs.h" #include "wps/wps_defs.h"
@ -1456,6 +1457,7 @@ struct wpa_supplicant {
struct dpp_bootstrap_info *dpp_pkex_bi; struct dpp_bootstrap_info *dpp_pkex_bi;
char *dpp_pkex_code; char *dpp_pkex_code;
char *dpp_pkex_identifier; char *dpp_pkex_identifier;
enum dpp_pkex_ver dpp_pkex_ver;
char *dpp_pkex_auth_cmd; char *dpp_pkex_auth_cmd;
char *dpp_configurator_params; char *dpp_configurator_params;
struct os_reltime dpp_last_init; struct os_reltime dpp_last_init;